'\" te
.\" Copyright (c) 2004, Sun Microsystems, Inc. All Rights Reserved.
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
.TH GETPPRIV 2 "Sep 10, 2004"
.SH NAME
getppriv, setppriv \- get or set a privilege set
.SH SYNOPSIS
.LP
.nf
#include <priv.h>

\fBint\fR \fBgetppriv\fR(\fBpriv_ptype_t\fR \fIwhich\fR, \fBpriv_set_t *\fR\fIset\fR);
.fi

.LP
.nf
\fBint\fR \fBsetppriv\fR(\fBpriv_op_t\fR \fIop\fR, \fBpriv_ptype_t\fR \fIwhich\fR, \fBpriv_set_t *\fR\fIset\fR);
.fi

.SH DESCRIPTION
.sp
.LP
The \fBgetppriv()\fR function returns the process privilege set specified by
\fIwhich\fR in the set pointed to by \fIset\fR. The memory for \fIset\fR is
allocated with \fBpriv_allocset()\fR and freed with \fBpriv_freeset()\fR. Both
functions are documented on the \fBpriv_addset\fR(3C) manual page.
.sp
.LP
The \fBsetppriv()\fR function sets or changes the process privilege set. The
\fIop\fR argument specifies the operation and can be one of \fBPRIV_OFF\fR,
\fBPRIV_ON\fR or \fBPRIV_SET\fR. The \fIwhich\fR argument specifies the name of
the privilege set. The \fIset\fR argument specifies the set.
.sp
.LP
If \fIop\fR is \fBPRIV_OFF\fR, the privileges in \fIset\fR are removed from the
process privilege set specified by \fIwhich\fR. There are no restrictions on
removing privileges from process privileges sets, but the following apply:
.RS +4
.TP
.ie t \(bu
.el o
Privileges removed from \fBPRIV_PERMITTED\fR are silently removed from
\fBPRIV_EFFECTIVE\fR.
.RE
.RS +4
.TP
.ie t \(bu
.el o
If privileges are removed from \fBPRIV_LIMIT\fR, they are not removed from the
other sets until one of \fBexec\fR(2) functions has successfully completed.
.RE
.sp
.LP
If \fIop\fR is \fBPRIV_ON\fR, the privileges in \fIset\fR are added to the
process privilege set specified by \fIwhich\fR.  The following operations are
permitted:
.RS +4
.TP
.ie t \(bu
.el o
Privileges in \fBPRIV_PERMITTED\fR can be added to \fBPRIV_EFFECTIVE\fR without
restriction.
.RE
.RS +4
.TP
.ie t \(bu
.el o
Privileges in \fBPRIV_PERMITTED\fR can be added to \fBPRIV_INHERITABLE\fR
without restriction.
.RE
.RS +4
.TP
.ie t \(bu
.el o
All operations that attempt to add privileges that are already present are
permitted.
.RE
.sp
.LP
If \fIop\fR is \fBPRIV_SET\fR, the privileges in \fIset\fR replace completely
the process privilege set specified by \fIwhich\fR. \fBPRIV_SET\fR is
implemented in terms of \fBPRIV_OFF\fR and \fBPRIV_ON\fR. The same restrictions
apply.
.SH RETURN VALUES
.sp
.LP
Upon successful completion, 0 is returned. Otherwise, -1  is returned and
\fBerrno\fR is set to indicate the error.
.SH ERRORS
.sp
.LP
The \fBgetppriv()\fR and \fBsetppriv()\fR functions will fail if:
.sp
.ne 2
.na
\fB\fBEINVAL\fR\fR
.ad
.RS 10n
The value of \fIop\fR or \fIwhich\fR is out of range.
.RE

.sp
.ne 2
.na
\fB\fBEFAULT\fR\fR
.ad
.RS 10n
The \fIset\fR argument points to an illegal address.
.RE

.sp
.LP
The \fBsetppriv()\fR function will fail if:
.sp
.ne 2
.na
\fB\fBEPERM\fR\fR
.ad
.RS 9n
The application attempted to add privileges to \fBPRIV_LIMIT\fR or
\fBPRIV_PERMITTED\fR, or the application attempted to add privileges to
\fBPRIV_INHERITABLE\fR or \fBPRIV_EFFECTIVE\fR which were not in
\fBPRIV_PERMITTED\fR.
.RE

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(7) for descriptions of the following attributes:
.sp

.sp
.TS
box;
c | c
l | l .
ATTRIBUTE TYPE	ATTRIBUTE VALUE
_
Interface Stability	Evolving
_
MT-Level	MT-Safe
.TE

.SH SEE ALSO
.sp
.LP
.BR priv_addset (3C),
.BR attributes (7),
.BR privileges (7)
